Re: iptables and mysql...

From: Crucificator (
Date: 07/06/04

    Date: Tue, 06 Jul 2004 09:48:36 +0300
    To: General Red Hat Linux discussion list <>

    Jason Dixon wrote:

    > On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
    >> Jason Dixon wrote:
    >>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
    >>>> I'm investigating what needs to be done to allow mysql on a server
    >>>> to be used remotely by client machines. Each machine is running
    >>>> iptables. So I'm wondering what has to be in the iptables for the
    >>>> machine being used as the mysql server, as well as the client
    >>>> machines that will be communicating with the mysql box...
    >>> If you're concerned with data sniffing in transit, you might also
    >>> consider one of the following:
    >>> - tunnelling your client connections through SSH
    >>> - MySQL-4.x supports SSL connections with x.509 certificates
    >> Mostly, when you put up a mysql server, you need it for building
    >> dynamic pages with php, let's say. So when you do such a thing you only
    >> need to allow connections from localhost because the connection is made
    >> from the server side. If this doesn't apply to you then you should check
    >> out stunnel.
    > I suggest you reserve your comments for threads where you have
    > sufficient experience. Most DBAs are probably giggling at your
    > comment. Real web applications routinely (more often than not)
    > segregate their data store on separate (redundant) servers. Using SSL
    > connections in addition to x.509 certs provides not only encryption,
    > but authentication as well.
    > --
    > Jason Dixon, RHCE
    > DixonGroup Consulting
    Dear Jason, most NA are probably giggling at your comment. I currently
    administer such a server which serves tunneled dynamic HTTP for SQL for
    42 locations country-wide. We DO NOT have redundant servers. Have you
    heard of RAID solutions? And it saves bandwidth, time and money as well.
    I believe the lack of experience lies elsewhere...
